Facebook combats spam, clickjacking with four new features

One day after Symantec uncovered an alleged privacy breach, Facebook released four new features to its security suite, unrelated to the discovery.

These four additions aim to boost protective measures against scams, spam, clickjacking and malicious cross-site scripting. The new features also include a new partnership with a website-vetting company and login approvals. Here's what you need to know about Facebook's latest fight against malware.

Facebook Partners With "Web of Trust"

Web of Trust (WOT) is a free safe-surfing tool that tells you which websites you can trust based on crowd-sourced ratings supplied by other WOT community members.

While Facebook already has a system that automatically scans links to determine whether the sites are spammy or contain malware, Facebook's partnership with WOT will provide your account with an extra line of defense.

If you happen to click on a link that may contain spam or malware, a pop-up will appear that explains that the link you're trying to visit could be dangerous. You then have the option to proceed or return to the previous page.

Since WOT is a crowd-sourced application, its effectiveness depends on the number of people rating the safety of various websites. Facebook anticipates that getting its members to submit questionable sites to the list will help to "massively increase" WOT's coverage and security reach.

]

Updated Clickjacking Precautions

Since spammers tend to take advantage of browser vulnerabilities, they often try to trick users into clicking on bad links--also known as clickjacking. Spammers do this by overlaying the link with something enticing, such as a phony offer.

One such clickjacking worm that spread through Facebook's "Like" feature last year and affected hundreds of thousands of users had a message that said, "LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE."

Facebook has now built a clickjacking defense into its "Like" button to alert you if Facebook thinks you're being tricked. When Facebook detects something suspicious, you'll be asked to confirm your "Like" before Facebook posts the action to your profile and your friends' News Feeds.

If you have already clicked on a link to add something to the "Likes and Interests" section of your profile, you can always edit the field by clicking "Edit My Profile" and selecting "Likes and Interests" from the menu on the left.

Self "Cross-Site Scripting" (XSS) Protection

Another way spammers take advantage of browser weakness: by asking users to copy and paste malicious code into their address bar. This causes the browser to take actions on the malware's behalf, including posting status updates with phony links and sending spam messages to friends.

You've probably seen Facebook friends post apologies more than once to their profile for unknowingly posting spam on friends' walls and warning others not to click it.

]

Now, when Facebook's systems detect that you have posted malicious code into your address bar, Facebook will display a popup confirming that you meant to do this, and will provide information on why it's a bad idea.

Advanced Login Approvals

Facebook's new "Login Approvals" function is now available to everyone. The feature is optional--but recommended for all Facebook users--and uses two-factor authentication. That means, if you choose to use it, whenever you log in to Facebook from a new device, you'll be required to also enter a code they send to your mobile phone via text message.

If Facebook sees a login attempt from a device that you haven't saved, you'll be notified the next time you log in. If you don't recognize the login, you can then change your password.

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited. Copyright 2013 IDG Communications.
ABN 14 001 592 650. All rights reserved.

Contact Us

With over 25 years of brand awareness and credibility, Good Gear Guide (formerly PC World Australia), consistently delivers editorial excellence through award-winning content and trusted product reviews.